snap in powerpc-utils 1.2.20 produces an archive with fstab and yaboot.conf files potentially containing cleartext passwords, and lacks a warning about reviewing this archive to detect included passwords, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-310,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| powerpc-utils_project | powerpc-utils | 1.2.20 |
scripts/amsvis/powerpcAMS/amsnet.py in powerpc-utils-python uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-345,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| powerpc-utils_project | powerpc-utils | - |